Subject: Authentication and Site Licences and the JANET cache
Daniel Feenberg (feenberg@nber.org)
Date: Thu, 18 Feb 1999 17:34:53 -0500 (EST)
Date: Thu, 18 Feb 1999 17:34:53 -0500 (EST) From: Daniel Feenberg <feenberg@nber.org> Message-Id: <199902182234.RAA15646@nber.nber.org> To: arl-ejournal@arl.org Subject: Authentication and Site Licences and the JANET cache
We publish a series of research reports that are available to
subscribers over the web. We use IP address based authentication.
Lately I have had quite a few messages from England about failed
authentication. I would appreciate comments on the boilerplate that
I send in reply to such messages. Here it is:
Question:
Why can't I access the full text of papers? My university is a
subscriber.
Answer:
The problem is that traffic from English universities now goes through a
cache engine in the domain wwwcache.ja.net. Since this computer covers
all English universities, I can't put it in our authorization database.
We never get a query directly from your computer or your university
cache - every query comes from the Janet engine.
If you have any contacts at the network services office of your
university, you could ask them to modify the ACL on their cache engine
so as not pass on requests for http://nberws.nber.org/ to the off-campus
cache engine. It is fine for them to cache those pages themselves, of
course.
One proposed solution, which works for some sites, is to browse a
special web server we have set up on port 81 of our web server. The
user would then browse:
http://nberws.nber.org:81/papers/w0000.pdf
(where 0000 is the paper number) to actually down load the paper. I
understand that some sites passs port 81 to the off-campus cache,
defeating this strategy. If any significant usage were to develop
on this port, we would modify our server to automatically recognize
requests from Janet, and automatically specify port 81 in HTML
returned to those sites. This would make the procedure completely
user-transparent. However at this time there are no regular users of
this server.
If you want to make this subscription work, I suggest going to the
library staff person in charge of online publications. If you can
convince that person there is an issue here, he can refer it to your
network services group as a serious issue worthy of attention. I have
no access to your network services group, and cannot make anything
happen there. If they have an alternative proposed solution, and it
requires action at my end, I will cooperate. But the proposed solution
must be for a site license scheme, not a login-id/password scheme
(unless someone at your end will handle the paperwork).
The alternative that I have suggested in the past is for Janet to
enable the 'X-Forwarded-for:' header for requests. This would give
us the IP address of the original requester, and we could authorize
or not according to our database. Once we so authorized, Janet could
service the request from the cache database minimizing overseas line
charges. However, Janet has made a policy decision not to provide
that header, to enhance privacy.
I really want to make this work, and am very open to suggestions. If
anyone at Janet will contact me, I would be glad to work with them to
find a solution.
This brings up a delicate point. If a university feels that it wants a
subscription to our service, but does not want to identify itself when
making requests, it is very difficult for us to respond. We are willing
to go halfway in this matter, but some cooperation from the University
(or its agent, Janet) will be required to make progress in this matter.
Daniel Feenberg
National Bureau of Economic Research
feenberg@nber.org
This archive was generated by hypermail 2a16 : Wed Dec 22 1999 - 09:15:06 EST